★斗 存储管理 8 王雷 北京航空航天大学计算机系
Microsoft Windows 2000/XP 1 王 雷 北京航空航天大学计算机系
★斗 签均容 己3元· Window200内存管理 · Windows2000XP外存管理 .w0d09200N°高速级存管理 8
Microsoft Windows 2000/XP 2 内容• Windows 2000/XP内存管理 • Windows 2000/XP外存管理 • Windows 2000/XP高速缓存管理
★斗 签为工具 www.ntinternals.com Nt 2.N资源包 Platform SDK 8 NTDDK
Microsoft Windows 2000/XP 3 工具• www.ntinternals.com • Nt • Nt资源包 • Platform SDK • NT DDK
★斗 调试工具 CDB. exe i386kd. exe windbg exe 8 softice(www.numega.com
Microsoft Windows 2000/XP 4 调试工具 • CDB.exe • i386kd.exe • windbg.exe • softice(www.numega.com)
★斗 null -modem cable 8 HOST TARGET Running windows 2000 Rurning windows 2000 free buld and kernel debugger checked build
Microsoft Windows 2000/XP 5
★斗 委配置 配置宿主机调试环境 双机串口通讯连接 ·目标机的 WINDOWS启动时加上cbug 参数 82.安装与目标机系统相匹配的Symh文件
Microsoft Windows 2000/XP 6 配置 • 配置宿主机调试环境 • 双机串口通讯连接 • 目标机的WINDOWS启动时加上/debug 参数 • 安装与目标机系统相匹配的Symbol文件
★斗 kd>!processfields Pcb 0x0 Exitstatus 0x68 LockEvent 0x6c LockCount 0x7 Createfile 0x80 ExitTime 0x88 LockOwner 0x90 UniqueProcessld 0x94 ActiveProcesslinks 0x98 8 QuotaPeakPoolUsage[0] Oao QuotaPoolUsage [0] Oxa8 PagefileUsage: Oxb0 Commitcharge 0xb4 PeakPagefileusage Oxb 8 Peakvirtualsize Ocbc Virtualize OxcO 0xc8
Microsoft Windows 2000/XP 7 kd> !processfields Pcb: 0x0 ExitStatus: 0x68 LockEvent: 0x6c LockCount: 0x7c CreateTime: 0x80 ExitTime: 0x88 LockOwner: 0x90 UniqueProcessId: 0x94 ActiveProcessLinks: 0x98 QuotaPeakPoolUsage[0]: 0xa0 QuotaPoolUsage[0]: 0xa8 PagefileUsage: 0xb0 CommitCharge: 0xb4 PeakPagefileUsage: 0xb8 PeakVirtualSize: 0xbc VirtualSize: 0xc0 Vm: 0xc8
LastProtopteFault Oxf Oxfo ★斗 ExceptionPort 0x100 ObjectTable: 0x104 Token 0x108 Working setlock 0x10c Workingsetpage: 0x12C ProcessoutswapEnabled 0×130 Address spaceInitialized 0x132 Address space Deleted: 0×133 AddressCreationlock 0x134 ForkInprogress 自巨星 manhandle: InOperation Rebc VmOperationEvent g且 onBaseAddress PageDirectorypte: Bu6eABlock 8 LastFaultcount 旦x自量 hreadExitstatus: VadRoot 谷士] ng SetWatch: VadHint 豆色生 itedFromUniqueProcessId: Cloneroot e¥ aeedAccess NumberofPrivatePages NumberofLockedPages: 0x180 ForkWas successful 0x15e ExitProcesscalled 0x186 CreateProcessReported 0x187 8
Microsoft Windows 2000/XP 8 LastProtoPteFault: 0xf8 DebugPort: 0xfc ExceptionPort: 0x100 ObjectTable: 0x104 Token: 0x108 WorkingSetLock: 0x10c WorkingSetPage: 0x12c ProcessOutswapEnabled: 0x130 ProcessOutswapped: 0x131 AddressSpaceInitialized: 0x132 AddressSpaceDeleted: 0x133 AddressCreationLock: 0x134 ForkInProgress: 0x158 VmOperation: 0x15c VmOperationEvent: 0x160 PageDirectoryPte: 0x164 LastFaultCount: 0x168 VadRoot: 0x170 VadHint: 0x174 CloneRoot: 0x178 NumberOfPrivatePages: 0x17c NumberOfLockedPages: 0x180 ForkWasSuccessful: 0x15e ExitProcessCalled: 0x186 CreateProcessReported: 0x187 SectionHandle: 0x188 Peb: 0x18c SectionBaseAddress: 0x190 QuotaBlock: 0x194 LastThreadExitStatus: 0x198 WorkingSetWatch: 0x19c InheritedFromUniqueProcessId: 0x1a4 GrantedAccess: 0x1a8
Sa kd>! process O PROCESs 80147120 Cid:0000 Peb: 00000000 Parentcid: 0000 DirBase: 00030000 ObiectTable: 80731e88 Tablesize: 254 Image: Idle VadRoot0 Clone 0 Private 0. Modified 0. Locked 0 801472DC Mutantstate Locked OwningThread 0 Process Lock Owned by Thread 0 e1000750 Elapsedtime 7:41:18.0524 Userfime 0:00:00.0000 Kerneltime 9:34:32.0780 QuotaPoolUsage PagedPool] QuotaPoolUsage [NonPagedPool Working Set Sizes (now, min, max)(4, 50, 450)(16KB, 200KB 800KB PeakWorking setsize Virtualize 0 Mb 92 Peakvirtualsize PageFaultCount MemoryPriority BACKGROUND Basepriority 0 Commitcharge 0 THREAD 80147320 Cid 0.0 Teb: 00000000 Win32Thread 00000000 RUNNING
Microsoft Windows 2000/XP 9 kd> !process 0 PROCESS 80147120 Cid: 0000 Peb: 00000000 ParentCid: 0000 DirBase: 00030000 ObjectTable: 80731e88 TableSize: 254. Image: Idle VadRoot 0 Clone 0 Private 0. Modified 0. Locked 0. 801472DC MutantState Locked OwningThread 0 Process Lock Owned by Thread 0 Token e1000750 ElapsedTime 7:41:18.0524 UserTime 0:00:00.0000 KernelTime 9:34:32.0780 QuotaPoolUsage[PagedPool] 0 QuotaPoolUsage[NonPagedPool] 0 Working Set Sizes (now,min,max) (4, 50, 450) (16KB, 200KB, 1800KB) PeakWorkingSetSize 4 VirtualSize 0 Mb PeakVirtualSize 0 Mb PageFaultCount 1 MemoryPriority BACKGROUND BasePriority 0 CommitCharge 0 THREAD 80147320 Cid 0.0 Teb: 00000000 Win32Thread: 00000000 RUNNING
★斗 签均存蕾理 ·组成部分 ·地址空间的布局 2·地址转换机制 内存分配方式 8 缺页处理 总2·工作集 物理内存管理 ·其他内存相关机制
Microsoft Windows 2000/XP 10 内存管理 • 组成部分 • 地址空间的布局 • 地址转换机制 • 内存分配方式 • 缺页处理 • 工作集 • 物理内存管理 • 其他内存相关机制